Skip to content

Lab 1: Challenges

This week we have some hacking challenges to complete.

Task 1: The Linux Trainer.

We will be using a lot of Linux in the module, (and you will also be using it in the OS module), being comfortable with the command line is going to be a great help from next week.

The Linux trainer is a wargame style set of levels based around basic linux command line. If you have done anything like Bandit by over the wire, or IO on netgarage you will see where I got the inspiration from

Task: Linux Trainer

You don't need to it all this week, but the Linux trainer should help you get back up to speed with some basic Linux commands.

I know we ran through the Linux trainer in the first year, but this is an opportunity to remind yourself (and if you have done it all-ready, its going to be easy right...)

Instructions

Once you have a working version of Docker you can start the Linux trainer using

$ docker run -p 22:22 --name nixtrainer --rm cueh/nixtrainer

After a while you the docker image should start up and you will get the welcome screen.

==============================================================
|                                                            |
|                  CUEH:  Linux Trainer                      |
|                                                            |
|   To get started SSH into the trainer with:                |
|                                                            |
|                 Username:  level0                          |
|                 Password:  level0                          |
|                                                            |
|   IP address For SSH is 172.17.0.2/16                      |
|                                                            |
|                                                            |
|   To exit the trainer you will need to run                 |
|   docker stop nixtrainer                                   |
|                                                            |
==============================================================

Important

Docker is now running the SSH service in the foreground of that termnal window. The system hasnt hung, but you will need to use a new termnal window for the next part.

You can now access the challenges using SSH. I like to use the command line, but you can use putty / mobaterm or whatever.

Also, if you are using WSL, (or trying to connect between systems) the IP address given in the header will only work on the host system. Use the actual network address of the host to connect.

ssh level0@172.17.0.2

Follow the instructions to complete all of the levels.
We will have a walkthrough of some of the levels in the Lab session.

Task 2: CTF challenges

Don't Panic!! (or take it too easy)

  • No idea what you are doing?
  • Wondering how you could do this without being taught anything?

Don't stress about this too much. Part of the plan here is to give you an idea of what the rest of the module will be like. If you have no idea what you are doing now, give it a couple of weeks and you will. Its great to get a feeling of progress.

For the Skills test part of the coursework, you will need to perform a pen-test of a VM.

To Give you an idea of what that is going to be like, this task has a Boot-2-Root style challenge for you to play with. Try getting the user and root flags

Task: Complete a simple CTF

Complete the CTF style challenges on Github The Docker compose files needed to start the challenges can be found on the Class Github

XSS Challenge

I also have an Real world exploit with XSS for you to play with. Put this together as part of a CTF.

Hints

  1. Work out the application that is running
  2. Google for a CVE related to it
  3. Try to work out how to send the payload to the server (I used Python Requests)
  4. Grab the Admin users cookies and login.
  5. (Optional) Push the exploit and get a remote shell onto the box
  6. (Optional) Try to get root.....

RCE / Shells Challenge

You have the login for a teacher:

  • User: Todhunter
  • Password: IAm@F1sh

Hints

  1. Its another real world CVE. Google the Evil Teacher Bug
  2. Try to get a remote shell on the server.
  3. (You can get root on this too, Enjoy)
Back to top